20220715 abortion data collection illustration

A version of this story appears in CNN’s What Matters newsletter. To get it in your inbox, sign up for free here.

CNN  — 

Some of the most horrible predictions about a post-Roe v. Wade America are coming true as women contend with the new reality:

That seeking an abortion could break the law means people in states that restrict abortion must consider the trail of evidence they leave behind when they use their phones and computers as they look to obtain medical care.

RELATED: What abortion access looks like in your state

Google searches, location data and communications could all be used in an abortion prosecution; they’re used every day in American courtrooms for other cases.

CNN’s report about how personal data could be used to enforce anti-abortion laws outlined the lengths to which state authorities could go to enforce new laws.

I talked to Albert Fox Cahn, a lawyer and founder of the Surveillance Technology Oversight Project, about what’s happening, what could conceivably happen and how laws should be changed to protect people’s data privacy.

Our phone conversation, edited lightly for flow, is below.

What exactly do companies know about you?

WHAT MATTERS: What do companies and apps know about you, and what can they put together from that?

CAHN: Increasingly, tech companies know every place we go, everything we’ve searched for online and almost every moment of how our lives are spent.

It is an incredibly invasive and intimate way to reconstruct our lives, whether that’s to figure out what advertisers want to sell us or increasingly for police to try to investigate us.

How could this data be used in states where abortion is illegal?

WHAT MATTERS: The fear is this information could be used in abortion prosecutions, if those start happening. How is it currently used in the justice system?

CAHN: In 2022, electronic surveillance and device searches are an everyday part of American policing. Officers submit warrants to Google by the tens of thousands. … Nearly every app on our phone is collecting information that can potentially be used.

And even companies like Apple, which spend millions of dollars advertising privacy protections, oftentimes are completely unable to protect their users if they get a court order.

With abortion prosecutions, we’re not afraid of something unprecedented. We’re afraid of something that is already happening, simply accelerated, and we already see examples of pregnant people being targeted by police and prosecutors because of electronic information.

We’re talking about everything on your phone

WHAT MATTERS: It seems to me like communications – text messages and phone calls – would be a bigger tool for prosecutors if they were going after somebody seeking an abortion or somebody helping facilitate one. Is that a separate issue, or is that wrapped up into this?

CAHN: Oh, that’s all part of a threat modeling here. When we look at the constellation of risks, some of it comes from scraping massive amounts of data from Google, from social media companies and even from Apple. But a large part of it is simply looking at the text messages we send.

We continue to see people being reported to police by family, by friends, for seeking abortion services. It’s quite common in American courtrooms to see emails, text messages, even encrypted messages being read back into the transcript to be used against us.

Encrypting your communications can help reduce the risk, but you know, using the most secure platforms like Signal and also setting up messages to automatically delete is an even more effective safeguard.

What will spark an abortion investigation?

WHAT MATTERS: From your report, I learned about the importance of non-state actors. You talked about family members informing on people and activists tracking license plates. It’s not my impression that in states that ban abortion there will be an abortion police out there actively searching for this. It takes these activist groups to tee it up. Is that right? Or is that a misread?

CAHN: I think that it is both. So I think that’s correct today, but I fear that we will see designated abortion policing units in the future. Certainly during Roe, even in its waning days, we saw states relying extensively on private bounty hunters and activists to enforce abortion bans.

Famously in the case of SB 8 in Texas, the state turned to private companies, because it was unconstitutional under Roe for them to engage in that sort of anti-abortion policing themselves.

But it’s unclear in a world where the police can prosecute those seeking care directly whether we’ll see less of a focus on those private bounty hunters and private activist groups.

Will Google’s remedy help?

WHAT MATTERS: Google has said it will soon begin to delete data for visits to abortion clinics and health care locations. Is that a step in the right direction? Is that something to be celebrated, or is it nothing at all?

CAHN: This is far too little, far too late. Google has been warned that the way they are storing data poses a threat to civil rights for years.

And while we are all talking about the threat to abortion care right now, this also poses a threat to political protest, it poses a threat to freedom of religion, freedom of assembly – almost any right that we use.

In fact, almost any right that we exercise by coming together in a single place can be forever chilled by these sorts of warrants. And it’s not hypothetical. We saw Minneapolis police using a geofence warrant during Black Lives Matter protests in 2020.

Even by its own terms, Google’s approach isn’t enough. First off, for people who are providing abortion medication and services in states where it’s illegal, they’re not about to publicize to Google that they qualify as a health care facility. So Google wouldn’t even know to redact the information from that location.

And then second of all, even if they are redacting information from the clinic itself, you can still gain a lot of information by tracking someone’s movements in other areas, particularly if people are traveling out of state long distances.

So rather than saying that we should only have our privacy in select locations, Google should say that every place should be a safe place.

Will Biden’s remedy help?

WHAT MATTERS: President Joe Biden signed an executive order intended to protect abortion access, and the Federal Trade Commission has issued a warning to tech companies to protect data. Is that a step in the right direction?

CAHN: It is. I’d like to see much more aggressive action by the Biden administration.

We should be stripping federal law enforcement funds from police departments that abuse these tools to target abortion access – particularly right now, we see a lot of concern about how abortion laws are going to be enforced across state lines.

With pregnant people going to states like New York and Illinois to find care, there’s going to be a rush by anti-choice states to track those movements using geofence warrants, and to try to use truly unprecedented law to enforce their abortion bans across state lines.

The President has a lot more power to disrupt this sort of activity, whether it’s adding conditions to DOJ grants under the Byrne Discretionary Grant Program, whether it’s an executive order that this interferes with the right to travel, whether it’s suspending membership in Joint Terrorism Task Forces and other federal-state information sharing agreements for any agency that does this.

You know, there are huge pots of money at the federal level, funding state and local police, and none of that money should be funding attacks on abortion access.

There ought to be a law. What should it do?

WHAT MATTERS: The idea that there’s a need for a digital privacy law is not new. How will overturning Roe affect what should go into that law? And are you hopeful that there will be a new law in the near future?

CAHN: I think there will be many laws that go far further than would have seemed possible not long ago, but they won’t be federal. They’ll be state and local.

We’ve seen this stalemate on privacy for years at the federal level, and layering on the impact that these protections have for abortion will only polarize it further.

But we can see states like New York poised to enact really groundbreaking protections. We have the first bill pending in the country that will ban all geofence warrants, keyword warrants and police purchases of similar data. And that bill has been gaining momentum, and I expect will pass either in a special session later this year or early next year.

We also could see states enacting what I think will be crucial protection against data collection by companies. Companies get sued for negligence if they have poor cybersecurity practices, and they should get sued for negligence if they store data in a way that puts their users at risk of a geofence warrant, keyword warrant or a similar digital dragnet.

There are lots of companies – like Apple for example, which has many shortcomings in its privacy protections, but it cannot be forced to comply with a geofence warrant because it does not store its data in that format. If we have a state law that allows the public to sue when companies store data in this way, we can effectively outlaw geofence warrants nationwide.

Laws in one state can affect companies everywhere

WHAT MATTERS: Why would a law in New York or California help somebody in Texas or Mississippi?

CAHN: Well, first off because of interstate information-sharing agreements, police in one state routinely are helping police in another. It’s not hard to imagine how anti-choice officers in New York or California could facilitate out-of-state prosecutions.

But on top of that, we see that where states impose additional privacy protections, rather than creating 50 different versions of the products, companies usually comply with the most stringent privacy protection nationwide.

And so if we make it so that it’s illegal for Google and Uber and Lyft to save their data in a way which is vulnerable to a geofence warrant, that won’t just benefit New Yorkers. That will likely become a new national standard.

Aren’t women still better off in a more technologically advanced world?

WHAT MATTERS: When I wrote a story about the reality for American women before Roe v. Wade, I talked to one author who said the big difference in the post-Roe world is technology. Women will have access to information on the internet in a way that they never did before. They will be able to openly communicate with people who provide abortion services in other places. They’ll be able to contact groups that might send them medication. On balance, won’t technology help women in this new reality?

CAHN: No, I think it’s much more complicated. I think that the technological playing field will be deeply unbalanced. We know that more privileged, more wealthy abortion seekers are much less likely to be targeted by police in any case.

I can easily see a world in which wealthier individuals are able to use all of these tools to circumvent state bans and get care, while the low-income BIPOC (Black, Indigenous and people of color) individuals are most likely to be targeted. The pregnant people who are most likely to face police scrutiny lack the resources to get those same benefits.

I think prior to Roe, theoretically, nearly any pregnant person could travel out of state to get abortion care if they lived in a state where it was illegal, but it was wealthy, White cis women who work, overwhelmingly. I fear that history will repeat itself.

And as far as internet access to medically accurate information about abortion, I think we’re going to see a massive effort to try to censor information about abortion. …

There’ll be broad efforts to use the filtering ecosystem that is mandated for schools and prolifically in public libraries to try to ban this content. And really much of the internet censorship infrastructure we’ve built up over decades in the name of protecting children will now be weaponized in service of the so-called “unborn children.”

What should you do differently on your phone?

WHAT MATTERS: What’s one thing everybody should do right now with their phones to protect themselves?

CAHN: It’s a different answer for every person. Your threat model. What is your biggest risk? What are the things that you can do most easily – and really working through that can change over time.

It can mean everything from switching only to encrypted messages, making sure all of your messages delete after a short time, disabling any location tracking to the extent you can. Do privacy checkups for all of your apps, and minimizing the data retention.

But short of putting your phone in a Faraday bag and walking around with a Guy Fawkes mask on, there’s not much that individuals can do to truly eliminate every form of tracking.

And so it becomes a question of what is the proportional risk; what is the proportional response? And what is the way that you can not just help yourself and help people in your community, but then help push for the changes we need to help everyone?

Because I always fear that it’s going to be through users least at risk who have the resources to deploy the most sophisticated protections.

One more thing: facial recognition

WHAT MATTERS: Is there anything I missed?

CAHN: I don’t think we talked about facial recognition or biometric stuff.

So just you know, we continue to be very fearful that activists and law enforcement can monitor clinic entrances using automated license plate readers, using facial recognition, using other forms of biometric surveillance. These tools have truly gotten out of control.

And we continue to call for a clear categorical ban on them nationwide, because while this is one of the most heartbreaking ways that we’ll see them used, it is far from the only one.